diff -r 000000000000 -r 7f95f8617b0b vendor/symfony/src/Symfony/Component/Security/Acl/Domain/SecurityIdentityRetrievalStrategy.php --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/vendor/symfony/src/Symfony/Component/Security/Acl/Domain/SecurityIdentityRetrievalStrategy.php Sat Sep 24 15:40:41 2011 +0200 @@ -0,0 +1,82 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\Security\Acl\Domain; + +use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken; + +use Symfony\Component\Security\Core\User\UserInterface; +use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; +use Symfony\Component\Security\Acl\Model\SecurityIdentityRetrievalStrategyInterface; +use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolver; +use Symfony\Component\Security\Core\Role\RoleHierarchyInterface; +use Symfony\Component\Security\Core\Authorization\Voter\AuthenticatedVoter; + +/** + * Strategy for retrieving security identities + * + * @author Johannes M. Schmitt + */ +class SecurityIdentityRetrievalStrategy implements SecurityIdentityRetrievalStrategyInterface +{ + private $roleHierarchy; + private $authenticationTrustResolver; + + /** + * Constructor + * + * @param RoleHierarchyInterface $roleHierarchy + * @param AuthenticationTrustResolver $authenticationTrustResolver + * + * @return void + */ + public function __construct(RoleHierarchyInterface $roleHierarchy, AuthenticationTrustResolver $authenticationTrustResolver) + { + $this->roleHierarchy = $roleHierarchy; + $this->authenticationTrustResolver = $authenticationTrustResolver; + } + + /** + * {@inheritDoc} + */ + public function getSecurityIdentities(TokenInterface $token) + { + $sids = array(); + + // add user security identity + if (!$token instanceof AnonymousToken) { + try { + $sids[] = UserSecurityIdentity::fromToken($token); + } catch (\InvalidArgumentException $invalid) { + // ignore, user has no user security identity + } + } + + // add all reachable roles + foreach ($this->roleHierarchy->getReachableRoles($token->getRoles()) as $role) { + $sids[] = new RoleSecurityIdentity($role); + } + + // add built-in special roles + if ($this->authenticationTrustResolver->isFullFledged($token)) { + $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_FULLY); + $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_REMEMBERED); + $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY); + } else if ($this->authenticationTrustResolver->isRememberMe($token)) { + $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_REMEMBERED); + $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY); + } else if ($this->authenticationTrustResolver->isAnonymous($token)) { + $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY); + } + + return $sids; + } +}